73 matches found
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...
Design/Logic Flaw
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the...
Default credentials
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...
CVE-2021-43176
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the...
CVE-2021-43176
The CVE-2021-43176 entry describes a GOautodial API vulnerability: prior to commit 3c3a979 (Oct 13, 2021), the API accepts a user-supplied action parameter and appends .php to locate/load a PHP file, without sanitizing the action input. This allows an attacker to execute any PHP source file prese...
CVE-2021-43175
Summary (technical): GOautodial API before commit 3c3a979 (Oct 13, 2021) exposes a router that takes username, password, and an action to dispatch to PHP files. In vulnerable versions, credentials are not validated properly, letting callers specify arbitrary values and authenticate. Separate but ...
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...
GOautodial 路径遍历漏洞
GOautodial is a next-generation open source omnichannel contact center suite. GOautodial suffers from a security vulnerability that stems from the software taking a user-supplied action parameter and attaching a php file extension to locate and load the correct PHP file, but not filtering and...
GOautodial 授权问题漏洞
GOautodial is a next-generation open source omnichannel contact center suite. Goautodial suffers from an authorization issue vulnerability that arises when the API in the software does not properly validate usernames and passwords, allowing callers to specify any value for a parameter and...
PT-2021-23760 · Unknown · Goautodial
Name of the Vulnerable Software and Affected Versions: GOautodial versions prior to commit 3c3a979 Description: The issue concerns incorrect validation of the username and password parameters in the API router, allowing for successful authentication with any specified values. Recommendations: For...
GOautodial 4.0 - Authenticated Shell Upload
Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Tested on OS: CentOS 7...
GOautodial 4.0 Shell Upload
Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Tested on OS: CentOS 7...
GOautodial 4.0 Cross Site Scripting
Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Discovery Date: 2020-07-23 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Teste...
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 La...
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Discovery Date: 2020-07-23 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Teste...
GOautodial 4.0 - (CreateEvent) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Vendor Homepage: https://goautodial.org/ Software Link:...
GOautodial 4.0 Cross Site Scripting
Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso Tested Version: 4.0...
GOautodial 4.0 - CreateEvent Persistent Cross-Site Scripting
GOautodial 4.0 - CreateEvent Persistent Cross-Site Scripting Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link:...
GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso Tested Version: 4.0...